Produced By: Ensombl
Cybersecurity has become one of the most pressing issues of our time. As organizations grapple with increasingly sophisticated threats in both the public and private spheres, professionals must combine technical knowledge with ethical responsibility. Fostering a culture of trust, competence, and social responsibility is paramount—not only for safeguarding client data but also for ensuring that broader communities, customers, and stakeholders remain well-protected.
In a recent conversation, Host Patrick Gardner spoke with Rob Dawson, an IT professional with extensive experience in workflow automation, managed IT services, and cybersecurity. Their dialogue traversed a range of topics from nostalgic tales of old technology to the complexities of the Australian Signals Directorate’s “Essential Eight” cybersecurity framework. This article synthesizes that discussion into a comprehensive look at how organizations, especially in regulated industries like law and finance, can uphold high standards of professionalism and ethics through robust cybersecurity practices.
What follows is an exploration of critical cybersecurity measures, strategies for organizational buy-in, the ethical duties IT professionals and business leaders must uphold, and how a simplified yet holistic approach can advance both security and efficiency. By weaving in Dawson’s insights and observations, along with references to how frameworks like the Essential Eight operate in practice, we’ll reveal an actionable roadmap to align technical rigor with ethical conduct.
Before delving into cybersecurity and ethics, it’s helpful to understand the trajectory that brought many professionals to the digital age. One of the more amusing anecdotes Rob Dawson shared was about his oldest piece of technology: a Surface Pro 3 with a cracked screen. Despite its wear, that decade-old device sometimes comes out of storage because it houses remnants of previous businesses and projects. In many ways, this anecdote is emblematic of how technology holds both historical and practical value: even outdated hardware can store critical data worth safeguarding.
However, while there is nostalgia in old tech, the present is squarely pointed toward artificial intelligence (AI) and automation. Dawson described how he frequently uses AI to generate executive summaries, sales proposals, or tender documentation. In a professional context, leveraging AI to transcribe and summarize client meetings or to quickly compile information into coherent proposals saves time, encourages productivity, and enhances clarity. Yet each time a new AI tool is introduced, it raises important ethical questions about data usage, privacy, and the potential for unintended consequences.
From an ethical standpoint, it is crucial for companies to:
These small steps keep teams grounded in the ethical implications of new technologies, underlining professionalism and respect for privacy.
Rob Dawson’s path into IT was somewhat serendipitous. Initially aiming for a career in civil engineering, he found himself offered an IT traineeship in local government instead. There, managing technology for an organization with 1,500 users across multiple sites, he learned core skills that would shape his future. After moving into Managed Service Provider (MSP) work, he pivoted to document and content management, setting the stage for an eventual specialization in workflow automation and process optimization.
Following stints in Queensland and Sydney, Dawson settled into a partnership with Mertech (spelled “MYRTEC”), which formed part of his impetus to return to an in-office environment after years of working remotely. This professional trajectory reveals the ethical mindset that underpins robust IT support:
Both traits align well with an ethical foundation for cybersecurity. When professionals have a history of working in high-stakes, regulated environments, the norms of caution, diligence, and respect for privacy become second nature. This background made Dawson and his team at Mertech particularly adept at serving legal, accounting, finance, and NDIS-based organizations—sectors that handle highly sensitive data requiring rock-solid cybersecurity.
During the conversation, Dawson cited three core principles that guide Mertech’s approach to managed IT: Simplify, Secure, and Develop. Each principle underscores not only a technical capability but also an ethical stance on how best to protect client data and maintain the integrity of systems.
In Australia, the Essential Eight is a government-endorsed baseline of cybersecurity controls. It began as guidance from the Australian Signals Directorate (ASD) in 2017, identifying the eight key strategies that prevent the most common forms of compromise. The Essential Eight is broken down by maturity levels (MLs):
Implementing the Essential Eight helps businesses improve their security posture. However, as Dawson points out, the Essential Eight alone does not cover everything (for instance, mobile device management and certain user training aspects). Nevertheless, it provides a strong foundation, especially for small to mid-sized firms in regulated industries like law or accounting.
Below is a concise overview of each control in the Essential Eight (with ethical considerations woven in):
Dawson’s conversation with Gardner covered best practices that complement the Essential Eight, such as using password managers (e.g., Keeper) and cloud backups. Importantly, while many assume Microsoft 365 automatically backs up their data, it is, in reality, more of a synchronization or replication service. If you accidentally delete a file—or if a malicious actor does—Microsoft does not retain that file permanently. This underscores the necessity of offsite backups:
Beyond frameworks like the Essential Eight, Dawson emphasized the crucial role of cyber insurance and compliance. Insurers, being risk underwriters, demand concrete proof of a company’s security posture before they will assume liability. A robust approach to meeting insurance requirements typically involves:
When organizations operate under licensees, as is common in financial services, the licensee often sets stringent cybersecurity standards. Those standards reflect not just insurer expectations but also legal guidelines from regulatory bodies like ASIC (Australian Securities and Investments Commission). Meeting those guidelines is a condition of ethical and legal compliance, ensuring the confidentiality and integrity of client financial data.
Measuring cybersecurity improvements is no trivial task. Tools like Microsoft Secure Score help assess security baselines in Microsoft 365 and provide incremental improvements that administrators can implement. A few notable examples:
Using such measurement tools instills a sense of accountability, aligning with the broader ethical imperative of transparency and ongoing improvement. Dawson suggests that organizations aim for a Microsoft Secure Score of at least 60 if they fall under regulated industries; though 50 might suffice for smaller entities, aiming higher helps ensure resilience in a volatile cyber climate.
No matter how advanced or carefully deployed the technology, humans remain the weakest link in cybersecurity. Dawson underscores a holistic approach, often summarized as people, process, and technology working in harmony.
Fostering an ethical cybersecurity culture means ensuring that each layer complements the others. Employees who understand the moral and legal implications of compromised data are more likely to engage seriously with training and protocols. Company leaders who champion these ideals model behavior that resonates through the entire organization.
Throughout the conversation, both Patrick Gardner and Rob Dawson returned to the notion that cybersecurity is never a “set and forget” exercise. The complexity of current threats calls for ongoing diligence. Businesses must integrate professionalism and ethics at every level, from how they store decades-old data on a cracked Surface Pro to how they roll out advanced AI-driven workflow automation.
Cybersecurity is as much about protecting data and complying with regulations as it is about upholding ethical standards of trust and service. In this evolving digital world—where AI has become ubiquitous, and threat actors continuously refine their strategies—staying informed is not optional. Professionals have a duty of care to ensure that data under their stewardship is handled responsibly, ethically, and effectively. Organizations must commit time and resources to implement frameworks such as the Essential Eight, while also going beyond those basics to address issues like mobile device security, password management, and social engineering risks.
Rob Dawson’s insights illustrate that the road to strong cybersecurity begins with a clear set of guiding principles. Simplify the technology stack wherever possible, secure each remaining layer diligently, and finally develop new efficiencies that harness the potential of AI and automation. This triad ensures not just the creation of a robust security perimeter, but the fostering of a corporate culture that values responsibility, transparency, and ethical conduct.
Ultimately, cybersecurity must be seen as an ongoing journey—one that demands vigilance, adaptability, and above all, integrity. By focusing on the interplay of people, process, and technology, and recognizing that each has an ethical dimension, businesses can align with best practices while maintaining the highest professional standards. From critical backups to well-structured administrative privileges, each decision ties back to the same foundational ethos: to protect and respect the data entrusted to them.
Accreditation Points Allocation:
0.10 Technical Competence
0.10 Regulatory Compliance and Consumer Protection
0.10 Professionalism and Ethics
0.30 Total CPD Points